cgit < 1.2.1 - Directory Traversal

cGit 1.2.1 via cgitcloneobjects has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. id: CVE-2018-14912 info: name: cgit 1.2.1 - Directory Traversal author: 0xAkoko severity: high description: cGit...

EUVD-2012-4394

Malware in sbrugna...

EUVD-2016-2994

Malware in sbrugna...

EUVD-2011-2692

Malware in sbrugna...

EUVD-2016-2995

Malware in sbrugna...

EUVD-2013-2086

Malware in sbrugna...

EUVD-2012-4476

Malware in sbrugna...

EUVD-2016-2993

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2018-14912

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cgitcloneobjects in CGit before 1.2.1 has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a...

OPENSUSE-SU-2024:10679-1 cgit-1.2.3-1.10 on GA media

These are all security issues fixed in the cgit-1.2.3-1.10 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:10137-1 cgit-1.0-1.3 on GA media

These are all security issues fixed in the cgit-1.0-1.3 package on the GA media of openSUSE Tumbleweed...

VulnCheck KEV: CVE-2018-14912

cgitcloneobjects in CGit before 1.2.1 has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request...

SUSE CVE-2011-1027

Off-by-one error in the convertqueryhexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service infinite loop via a string composed of a % percent character followed by invalid hex characters, as demonstrated by a %gg sequence...

SUSE CVE-2011-2711

Cross-site scripting XSS vulnerability in the printfileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint...

SUSE CVE-2012-4465

Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service crash and possibly execute arbitrary code via an empty username in the "Author" field in a commit...

SUSE CVE-2012-4548

Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command...

SUSE CVE-2013-2117

Directory traversal vulnerability in the cgitparsereadme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary files via a .. dot dot in the url parameter...

SUSE CVE-2016-1899

CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting XSS attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit....

SUSE CVE-2016-1901

Integer overflow in the authenticatepost function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow...

SUSE CVE-2018-14912

cgitcloneobjects in CGit before 1.2.1 has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request...